Amid all the news that hackers gave gotten their hands on millions of credit card numbers and contact information from at least five retailers — including Target and Neiman Marcus — many of you might be wondering what those thieves could really net from just an email address, home address, phone number or credit card number.

The answer depends on you, and what kind of “ish” you could get sucked in by.

On the one hand, you’re technically right: Once a credit card is canceled and without your Social Security number, there’s not much left for an identity thief to directly profit from. But with a little extra work and some programming ingenuity, identity thieves can use this information to engage in what I like to call the pantheon of “ishing” – phishing, spear-phishing, vishing and smishing – and still turn a tidy profit from their crimes with your inadvertent help.

So, what are these four big ishes? Let’s go through them, shall we?

1. Phishing

If you have an email account, you’re probably already familiar with phishing, which is when you (and thousands of other people) get an email claiming to be “your” financial company, email provider or best friend (among other identities) in an effort to get you to give them sensitive financial information or personal information (like your Social Security number), or even to click on a link that will collect that information or install a virus or malware onto your computer.

What you might not know is that phishermen’s trawling tactics are increasingly sophisticated and their emails look more and more like they’ve come from reputable sources, which is why you have to retrain yourself not to click, no matter how initially important or worrisome the email might seem.

If you think you do need to be in touch with your financial institution, email provider or best buddy, type that email address directly in a new window, or Web address in a new browser.

2. Spear-phishing

Spear-phishing is, as it sounds, just a more targeted form of phishing. Hackers will go through lists of contact data looking for people who seem either more vulnerable to phishing tactics or more important – like people who work at financial services companies – and send them tailored emails that appear to come from specific, important people they know. They’re often asked to click on links or download seemingly innocuous files and – bam – the hackers are in.

3. Vishing

Vishing is how hackers take advantage of phone number databases – like the ones accessed in the SnapChat hack. They’ll call you and claim to be from your bank (they just need your account number and routing information), the IRS (just confirm your Social Security number) or even Microsoft (just let them log into your PC remotely) to try to gain access to your personal or financial information or even install malware on your devices.

4. Smishing

Perhaps the newest identity theft technique is smishing – and, no, this isn’t what Snooki and the gang were talking about on “Jersey Shore.” Instead, hackers use cellphone numbers they’ve obtained – through everything from the SnapChat hack to the Target hack – to text people unawares. They can disguise their numbers, pretend to be companies with which you are affiliated or simply encourage you to open a link that can install malware or viruses on your smartphone.

But all these techniques require one thing: that consumers fall for it. They require you to let your guard down, assume your spam filter will catch it, be distracted when so-and-so from “your bank” calls worried about your account security, or wondering who would text you a link to something and what it could all mean.

They require you to think that Target’s offer of free credit monitoring is all you need to protect yourself, that a hacker having your email address isn’t a big deal, and that once your credit card is replaced, you need not closely monitor your accounts after that.

The truth is that all of us – regardless of whether we think we’ve been caught up in a data breach – need to be vigilant when it comes to our information. Check your accounts regularly. Check your credit reports for free once a year with each of the major credit bureaus. Ensure the reports are accurate and that you recognize all the accounts.

If you even suspect they have mistakes, reach out to the bureaus (Experian, Equifax and TransUnion). To monitor your credit more regularly, you can use a free tool like Credit.com’s Credit Report Card for a breakdown, updated monthly, of the information in your credit report along with free credit scores. If you see your score drop for no reason, you know something could be up.

The hackers want you to let your own issues overcome your healthy skepticism when it’s time for their “ish.” Don’t grant their wish.

Sign up for our free newsletter

Like this article? Sign up for our newsletter and we'll send you a regular digest of our newest stories, full of money saving tips and advice, free! We'll also email you a PDF of Stacy Johnson's "205 Ways to Save Money" as soon as you've subscribed. It's full of great tips that'll help you save a ton of extra cash. It doesn't cost a dime, so why wait? Click here to sign up now.

Comments & discussion

We welcome your opinions, but let’s keep it civil. Like many businesses, we reserve the right to refuse service to anyone. In our case, that means those who communicate by name-calling, racism, using words designed to hurt others or generally acting like an uninformed bully. Also, comments that include links to email addresses or commercial websites typically aren't posted. This isn't a place to advertise your business.

bigpinch

Good advice. Not only am I vigilant with my own and my wife’s financial interests but, now, I have my mother’s interests to look out for. She has Alzheimer’s dementia (as of last year), I have her power of attorney, and her assets are in a bank and a credit union on the east coast while I live in Texas. I have to monitor her accounts at least a couple of times a month and write checks against those accounts for her care. I try to bring up the accounts on my computer as infrequently as possible. My thinking is that every time I connect with them, I am exposing myself and her accounts to identity thieves. That, even though I run malware and spyware programs on my computer more often than I ever have before.
On a regular basis, we get phone calls from “English-as-a-second-language” callers claiming to be agents of Microsoft concerned that our computer has been compromised by a virus. We also get regular calls from some company telling us that we have an opportunity to reduce our credit card interest rate “related to the stimulus.” This, despite the fact that we’re on the national “do not call list.” We also get emails from potential employers looking for people with computer skills willing to invest just a few hours a week to make above average incomes receiving packages from over seas. And, of course, the usual emails from the sons of Nigerian kings looking to send money out of their country to the USA and willing to give me a cut of the action.
Money matters over the Internet are scary at best. But, this has gone on long enough that I find it difficult to sympathize with victims of the scams or, in my opinion, greedy people hoping to get something for nothing that are dumb enough to give their personal information to these thieves. My sympathies lie with the elderly, looking for some way to pay for their retirement, that take an addle-brained risk based on these schemes.
Again, I think it is worth pointing out that the Obama administration’s private communication monitoring, that was decried under the Bush administration, has been increased a thousand fold. But nobody has focused on financial fraud issues that are as least as important as the potential for terrorist attacks.